Access-List

damrut5763
Level 1

I'm not sure if I'm in the right place, but I have a problem with ACL. I have a user who is using VMware and I gave him a network address of 10.17.0.0/16. I can get to anything on the 10.17.0.X network but nothing else. Here is my ACL:

interface Vlan17
 description "SBU_LABMGR_VM_VLAN"
 ip address 10.17.0.1 255.255.0.0
 ip access-group SBU_LABMGR_VM_VLAN-IN in

ip access-list extended SBU_LABMGR_VM_VLAN-IN
 permit ip 10.17.0.0 0.0.255.255 10.0.7.0 0.0.0.255
 permit ip 10.17.0.0 0.0.255.255 10.1.7.0 0.0.0.255
 permit ip 10.17.0.0 0.0.255.255 10.1.8.0 0.0.0.255
 permit ip 10.17.0.0 0.0.255.255 10.4.7.0 0.0.0.255
 permit ip 10.17.1.0 0.0.0.255 10.1.7.0 0.0.0.255
 permit ip 10.17.0.0 0.0.255.255 host 10.1.15.75
 permit ip 10.17.0.0 0.0.255.255 host 10.1.20.25
 deny ip 10.17.0.0 0.0.255.255 10.0.0.0 0.255.255.255
 deny ip 10.17.0.0 0.0.255.255 172.16.0.0 0.15.255.255
 deny ip 10.17.0.0 0.0.255.255 192.168.0.0 0.0.0.255
 permit ip any any

Is there anything wrong with this access-list?

4 Replies

gojericho0
Level 1

deny ip 10.17.0.0 0.0.255.255 10.0.0.0 0.255.255.255

Do you want them denied to everything on the 10 network?

Can you ping the next hop after the gateway?

Is there any other access list on the default gateway or a firewall that could be blocking traffic?

Is VLAN17 entered in all correct VLAN databases and allowed to traverse all trunk links if it is not terminated at the gateway?

Is NAT, PAT or a proxy set up to access the internet?

Yes, I want them denied to everything on the 10 network except 10.1.7.X, 10.0.7.X and everything else I have in the permit ACL.

2) There is no firewall blocking traffic.

3) Vlan 17 is entered correctly in the database; can ping 10.17.0.X network, can't get to 10.17.1.X/0.0.255.255 or above.

"Vlan 17 is entered correctly in the database; can ping 10.17.0.X network, can't get to 10.17.1.X/0.0.255.255 or above"

So you can't ping anything in the 10.17.1.x and above?

Since VLAN17 int = 10.17.0.1 255.255.0.0 can I assume 10.17.1.x are part of the same network segment and vlan membership?

Can you ping 10.17.1.x from VLAN17 interface?

Thank you for your assistance. The problem was with the virtual server gateway. Everything is working!
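
The access list from the question, evaluated top-down with first match winning and with wildcard (inverse) masks, to show which entry decides a given flow. This is an added example, not part of the original thread; the helper names and the sample source and destination addresses are assumptions constructed for illustration.

```python
import ipaddress
# ACL entries copied from the post (ip access-list extended SBU_LABMGR_VM_VLAN-IN).
ACL = """\
permit ip 10.17.0.0 0.0.255.255 10.0.7.0 0.0.0.255
permit ip 10.17.0.0 0.0.255.255 10.1.7.0 0.0.0.255
permit ip 10.17.0.0 0.0.255.255 10.1.8.0 0.0.0.255
permit ip 10.17.0.0 0.0.255.255 10.4.7.0 0.0.0.255
permit ip 10.17.1.0 0.0.0.255 10.1.7.0 0.0.0.255
permit ip 10.17.0.0 0.0.255.255 host 10.1.15.75
permit ip 10.17.0.0 0.0.255.255 host 10.1.20.25
deny ip 10.17.0.0 0.0.255.255 10.0.0.0 0.255.255.255
deny ip 10.17.0.0 0.0.255.255 172.16.0.0 0.15.255.255
deny ip 10.17.0.0 0.0.255.255 192.168.0.0 0.0.0.255
permit ip any any
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_addr(tokens):  # consumes "any", "host A" or "A WILDCARD"
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return to_int(tokens.pop(0)), 0
    return to_int(first), to_int(tokens.pop(0))

def parse_acl(text):
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        action, _proto, *rest = line.split()  # every entry here uses "ip"
        rules.append((action, parse_addr(rest), parse_addr(rest), line))
    return rules

def matches(addr, spec):
    base, wild = spec
    # Wildcard bits set to 1 are ignored; all other bits must equal the base.
    return ((to_int(addr) ^ base) & ~wild & 0xFFFFFFFF) == 0

def evaluate(rules, src, dst):
    # Entries are checked in order and the first match decides the packet.
    for action, s, d, line in rules:
        if matches(src, s) and matches(dst, d):
            return action, line
    return "deny", "(implicit deny at end of list)"

if __name__ == "__main__":
    for dst in ("10.1.7.20", "10.2.0.5", "192.168.1.5", "8.8.8.8"):  # constructed flows
        print(dst, evaluate(parse_acl(ACL), "10.17.1.50", dst))
```

With the list as posted, a destination such as 192.168.1.5 is decided by the final permit ip any any, because the wildcard 0.0.0.255 on the last deny entry covers only 192.168.0.0/24.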
